Security

1. Our Security Commitment

At EnteStore, security is foundational to everything we build. We employ industry-standard security practices to protect your data, your customers' data, and your business.

2. Data Protection

2.1 Encryption

• In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS)
• At Rest: Sensitive data is encrypted using AES-256 encryption
• Passwords: User passwords are hashed using bcrypt with salt

2.2 Payment Security

• We never store credit card numbers or CVV codes on our servers
• Payment processing is handled by PCI-DSS compliant providers (Razorpay)
• All payment pages use secure, tokenized transactions

3. Infrastructure Security

3.1 Cloud Infrastructure

• Hosted on Microsoft Azure with SOC 2 Type II certification
• Data centers located in India for data residency compliance
• Regular automated backups with point-in-time recovery
• Geographic redundancy for disaster recovery

3.2 Network Security

• Web Application Firewall (WAF) protection
• DDoS mitigation and protection
• Regular vulnerability scanning and penetration testing
• Intrusion detection and monitoring systems

4. Access Controls

4.1 Authentication

• OTP-based phone authentication via WhatsApp
• Session management with secure, httpOnly cookies
• Automatic session timeout for inactive users
• Device and location-based login alerts (coming soon)

4.2 Authorization

• Role-based access control (RBAC) for staff members
• Granular permissions for store management
• Audit logging for sensitive operations

5. Operational Security

5.1 Monitoring

• 24/7 infrastructure monitoring and alerting
• Anomaly detection for suspicious activities
• Real-time security event logging

5.2 Incident Response

In the event of a security incident:

1. Immediate containment and assessment
2. Notification to affected users within 72 hours
3. Root cause analysis and remediation
4. Post-incident review and improvements

6. Compliance

• Information Technology Act, 2000: Compliant with Indian IT laws
• Data Protection: Following principles aligned with upcoming DPDP Act
• PCI-DSS: Payment security via certified processors

7. Your Security Responsibilities

Help us keep your account secure:

• Keep your phone and OTP codes confidential
• Log out from shared devices
• Review staff access permissions regularly
• Report suspicious activities immediately
• Keep your contact information updated

8. Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to:

• Email: security@entestore.in

We appreciate security researchers and will acknowledge valid reports. Please do not publicly disclose vulnerabilities before we've had a chance to address them.

9. Security Updates

We continuously improve our security posture. This page will be updated to reflect new security measures and certifications as they are implemented.

10. Contact

For security concerns or questions:

• Security Team: security@entestore.in
• General Support: support@entestore.in